%ALLUSERSTARTMENU%\Programs\PC Protection Center 2008\
%ALLUSERDESKTOP%\PC Protection Center 2008.lnk
%PROGRAMFILES%\PC Protection Center 2008\
%SYSTEM%\vbzlib2.dll
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Protection Center 2008]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus Software]
%ALLUSERPROFILE%\Start Menu\Programs\Antivirus XP 2008\
%ALLUSERPROFILE%\Start Menu\Programs\Antivirus XP 2008.lnk
%AllUserDesktop%\Antivirus XP 2008.lnk
%USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk
%DESKTOP%\Malware Bell 3.2.lnk
%STARTMENU%\Programs\Malware Bell 3.2.lnk
%PROGRAMFILES%\MalwareBell
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malware Bell]
[-HKEY_CURRENT_USER\Software\MalwareBell]
Update: because legitimate software (XunLei, a Chinese downloader) uses the same CLSID as the infection, this one is no longer removed:
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{0EEDB911-C5FA-486F-8334-57288578C627}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EEDB911-C5FA-486F-8334-57288578C627}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EEDB911-C5FA-486F-8334-57288578C627}]
%PROGRAMFILES%\Online Video Add-on\
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Online Video Add-on] (C:\Program Files\Online Video Add-on\uninst.exe)
Correction of a minor bug (missing character } ) in
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{eb86b46a-d6db-4478-8f5f-06cb2ebc1b35}"=-
Update: swreg.exe v2.0.0.1 by SteelWerx
Added: dumphive.exe - Markus Stephany (http://www.mirkes.de)
Added: Export of [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]:"AppInit_DLLs" Value (Thanks Grinler)
Option 4 has been removed, Generic Renos Fix is now integrated in Option 2.
SharedTaskScheduler is exported in the log before and after Option 2.
Mode (Safe Mode / Normal Mode) is reported in the log.
Bug correction in Generic Renos Fix (not all keys were removed from the registry when several infections were registered). Thanks to Marckie.
Version 2.45 (May 18, 2006)
%SYSTEM%\kernels8.exe (see kernels32.exe)
%SYSTEM%\dcom_16.dll (see dcom_15.dll)
C:\Documents and Settings\user\Bureau\AdwareSheriff.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\AdwareSheriff\*.*
C:\Documents and Settings\user\Local Settings\Application Data\AdwareSheriff\*.*
C:\Documents and Settings\user\Menu Démarrer\Programmes\Démarrage\asheriff.lnk
C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\AdwareSheriff.lnk
C:\Program Files\AdwareSheriff\*.*
%SYSTEM%\wiatwain.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C}=WaitWain for Windows
HKEY_CLASSES_ROOT\CLSID\{C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C}
HKEY_CURRENT_USER\Software\Classes\CLSID\{C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C}